Sophisticated malware attacks through routers
The malware, which researchers called "Slingshot", attacked and infected victims through compromised routers and could run in kernel mode, giving it complete control over victim devices.
Kaspersky says in a press release that Slingshot's sophistication suggests that the attackers behind it are "professional and probably state-sponsored". Since the poisoned library (scesrv.dll) is loaded by "services.exe", a process that has system privileges, the library gains the same rights.
Two areas which Kaspersky believes to be particularly advanced are a kernel mode module called Cahnadr and GollumApp, a user mode module. The driver is used to provide persistence for GollumApp and to thwart debugging and anti-rootkit procedures.
According to Kaspersky, Slingshot primarily focuses on spying activities, such as collecting screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard contents, and more.
Once it infects a router, Slingshot is able to deploy "huge and powerful" modules on a target computer.
Slingshot appears to have been active since at least 2012, staying undetected thanks to its suite of encryption and security-bypassing techniques.
So far, researchers have seen around 100 victims of Slingshot and its related modules, located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
A report from Moscow-based Kaspersky Lab details how a threat it's calling "Slingshot" has been infecting victims, collecting a wide variety of data and exfiltrating it in a covert fashion. If you're running a MikroTik router and haven't updated the firmware in the last, well, six years, you should download the appropriate package from its website. This triggered a detection that turned out to be an infected computer with a suspicious file inside the system folder named scesrv.dll. According to MikroTik's support forums, that exploit only works on RouterOS version 6.38.4, but one of the compromised routers found delivering Slingshot was running version 6.38.5, so it's possible a different exploit was used.
The researchers note that owners of a MikroTik router should update both the router's operating system and the WinBox management software to their latest versions. Slingshot is also careful about being observed: when forensic tools are active, for example, it shuts down certain of its components.
Slingshot, discovered by Kaspersky Lab, is one of the more interesting pieces of recently discovered malware.
Use a proven corporate grade security solution in combination with anti-targeted attack technologies and threat intelligence, like Kaspersky Threat Management and Defense solution (https://goo.gl/ea1ZqV).
The company's global DDoSmon service observed 50 Memcached amplification attacks per day on average before February 24, but their frequency quickly rose to 372 per day by the end of last month and 1,938 per day this month.
The number of publicly exposed Memcached servers abused for DDoS reflection and amplification every day varied between under 10,000 and 20,000.
The good news is that researchers from DDoS mitigation provider Corero Networks have discovered a "kill switch" that can be used to stop Memcached servers from sending malicious traffic.
The countermeasure relies on the "flush_all" command that will instruct an abused server to invalidate its cache, including the large payloads put there by attackers.
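As an added example (not code from the article, Kaspersky or Corero), here is the check a network defender would run over flow records to spot a host on the receiving end of Memcached reflection: tiny spoofed UDP requests sent "from" the victim, and far larger responses coming back from the server's port. It assumes memcached's default port 11211 and uses constructed sample flows.

```python
from collections import defaultdict

MEMCACHED_PORT = 11211  # memcached's default port (assumption; not stated in the article)

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # spoofed requests: tiny UDP packets that appear to come from the victim
    ("udp", "198.51.100.7", 33333, "203.0.113.10", 11211, 60),
    ("udp", "198.51.100.7", 33333, "203.0.113.11", 11211, 60),
    # reflected responses: exposed servers send large cached payloads to the victim
    ("udp", "203.0.113.10", 11211, "198.51.100.7", 33333, 1_000_000),
    ("udp", "203.0.113.11", 11211, "198.51.100.7", 33333, 750_000),
    # benign: an app server talking to its own cache over TCP, similar sizes both ways
    ("tcp", "10.0.0.5", 44444, "10.0.0.9", 11211, 2_000),
    ("tcp", "10.0.0.9", 11211, "10.0.0.5", 44444, 2_400),
]


def memcached_amplification(flows, min_factor=50.0, min_bytes=100_000):
    """Return {victim_ip: (bytes_received, amplification_factor)} for hosts that
    received far more UDP traffic from memcached ports than they sent to them.

    Only UDP is considered: reflection needs spoofed source addresses, which a
    TCP handshake prevents. A host that received traffic without sending any
    request at all gets an infinite factor (pure reflection)."""
    sent = defaultdict(int)      # bytes each host sent to port 11211
    received = defaultdict(int)  # bytes each host got back from port 11211
    for proto, src, sport, dst, dport, nbytes in flows:
        if proto != "udp":
            continue
        if dport == MEMCACHED_PORT:
            sent[src] += nbytes
        elif sport == MEMCACHED_PORT:
            received[dst] += nbytes
    suspects = {}
    for host, rx in received.items():
        tx = sent.get(host, 0)
        factor = rx / tx if tx else float("inf")
        if rx >= min_bytes and factor >= min_factor:
            suspects[host] = (rx, factor)
    return suspects


if __name__ == "__main__":
    for victim, (rx, factor) in memcached_amplification(SAMPLE_FLOWS).items():
        print(f"{victim}: {rx} bytes reflected, amplification x{factor:.0f}")
```

The same logic applies to other UDP reflection vectors by swapping the port constant; the thresholds are starting points to tune against your own baseline.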